NEW DELHI: Wallet applications like Paytm along with a host of mobile banking applications are prone to malicious software attacks because they don’t use hardware-based security layer, a senior executive at US chipmaker Qualcomm has warned.

Hardware-based security layer would ensure that malware on a smartphone does not affect a mobile payments app, Sy Choudhary, senior director for program management at Qualcomm, told reporters on Tuesday.

He said Qualcomm has started directly approaching these firms with its hardware-based solution. “It includes rewriting the application to enable the hardware-based based security layer,” Choudhary said. Currently wallet app companies in India are using only the basic Android software-based security layer, he said.

Adoption of mobile wallets such as Paytm has increased phenomenally in the country since the demonetisation of Rs 500 and Rs 1,000 currency notes on November 8, leading to a liquidity crunch. The government too is pushing digital transaction. IT minister Ravi Shankar Prasad recently said digital transactions have surged in the range of 400-1,000% since demonetisation announcement.

“Indian firms will also start using this feature starting next year,” he said. Qualcomm expects to announce its first security tieup with a mobile wallet player within six months, he said.

All smartphones using Qualcomm's Snapdragon processors have this facility, Choudhary said, adding that such phones are being shipped since last 5-6 years.

Paytm had recently launched a new security measure that allows Android user to add a lock on all transactions from your wallet.

Qualcomm claims that it offers this facility natively through its chipsets, while its competitors offer this through third party partners.

Qualcomm is also coming up with new feature in its mobile chipsets from 2017 that verify user with payment gateway using unique features like device id, phone manufacturer signature, Android version in the phone, root kit of operating system, location and time, which will be nearly impossible to duplicate.

"Device attestation feature will start shipping in 2017. For end users it should be available by end of 2017," Choudhury said.

The company has partnered with software security company Avast to generate alerts for users in case their mobile phones are infected with virus or malware.

Several people ET spoke with about Ericsson’s India operations, including its current and former employees, said the Stockholm-based firm has reduced headcount in the last one year or so across functions, in line with its global restructuring.